Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/api/ApiUserrights.php

241 lines
6.4 KiB
PHP
Raw Normal View History

Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
<?php
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
/**
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
* API userrights module
Standardised file description headers, added @file
2010-08-07 19:59:42 +00:00
*
escape HTML elements in docblock with double quotes Doxygen choke on text enclosed by '<' and '>' since it tries to interpret them as HTML or XML elements. This patch adds double quotes in includes/api/*.php files around the two following strings: <Firstname>.<Lastname>@gmail.com <Firstname><Lastname>@gmail.com Which becomes: "<Firstname>.<Lastname>@gmail.com" "<Firstname><Lastname>@gmail.com" Tested locally, it prevents doxygen 1.8.0 related warnings. Change-Id: I36d82eb3fd4989ee3ffc65b0b527b83711d1ba69
2012-07-15 20:13:02 +00:00
* Copyright © 2009 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
Correct the address of the FSF in some of the GPL headers 59 Temple Place -> 51 Franklin Street
2010-06-21 13:13:32 +00:00
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
* http://www.gnu.org/copyleft/gpl.html
Standardised file description headers, added @file
2010-08-07 19:59:42 +00:00
*
* @file
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
*/
API: Use ParamValidator library This brings significant modularization to the Action API's parameter validation, and allows the Action API and MW REST API to share validation code. Note there are several changes in this patch that may affect other code; see the entries in RELEASE-NOTES-1.35 for details. Bug: T142080 Bug: T232672 Bug: T21195 Bug: T34675 Bug: T154774 Change-Id: I1462edc1701278760fa695308007006868b249fc Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
2019-08-21 19:53:53 +00:00
use MediaWiki\ParamValidator\TypeDef\UserDef;
Authority: expose user block info Expose info about user blocks from Authority. This allows calling code to provide more detailed information to the user about why they are denied some action on the wiki. Bug: T271494 Change-Id: Ia84e469888866d72752aad355292666c31e12bad
2021-03-10 19:40:33 +00:00
use MediaWiki\Permissions\Authority;
API: Use ParamValidator library This brings significant modularization to the Action API's parameter validation, and allows the Action API and MW REST API to share validation code. Note there are several changes in this patch that may affect other code; see the entries in RELEASE-NOTES-1.35 for details. Bug: T142080 Bug: T232672 Bug: T21195 Bug: T34675 Bug: T154774 Change-Id: I1462edc1701278760fa695308007006868b249fc Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
2019-08-21 19:53:53 +00:00
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
/**
* @ingroup API
*/
class ApiUserrights extends ApiBase {
Refactor getTokenSalt to use caching getUser/getTitle in ApiRollback and ApiUserrights
2010-04-10 13:33:24 +00:00
private $mUser = null;
User rights API: Abstract out some stuff about core's form into separate methods To we can make a CentralAuth API module for global user rights. Bug: 71495 Change-Id: I139c43e5eaa1fb63b75baddbafb7caa3c964d6b5
2014-10-01 12:06:10 +00:00
/**
* Get a UserrightsPage object, or subclass.
* @return UserrightsPage
*/
protected function getUserRightsPage() {
return new UserrightsPage;
}
/**
* Get all available groups.
* @return array
*/
protected function getAllGroups() {
return User::getAllGroups();
}
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
public function execute() {
Prevent blocked users from changing user rights through the API Prevent blocked users only if they do not have full userrights privleges, which is the same behavior as implemented in Special:UserRights. Change-Id: I69557b0951c8fb8b4e7d3ba571b0e5d30782ab4c
2015-12-21 20:17:40 +00:00
$pUser = $this->getUser();
// Deny if the user is blocked and doesn't have the full 'userrights' permission.
// This matches what Special:UserRights does for the web UI.
Use Authority and GroupPermissionLookup in Action API Replaces calls directly to PermissionManager with calls to the Authority object available from Context or the GroupPermissionLookup service. This patch does not address use of PermissionManager for blocks. Deprecations: - ApiBase::checkUserRightsAny deprecated passing optional User parameter - ApiBase::checkTitleUserPermissions deprecated passing LinkTarget as first parameter, takes PageIdentity instead Bug: T271462 Bug: T271854 Change-Id: I5d7cac1c28a37e074750c46cda03283980a07fca
2021-01-11 15:26:02 +00:00
if ( !$this->getAuthority()->isAllowed( 'userrights' ) ) {
Authority: expose user block info Expose info about user blocks from Authority. This allows calling code to provide more detailed information to the user about why they are denied some action on the wiki. Bug: T271494 Change-Id: Ia84e469888866d72752aad355292666c31e12bad
2021-03-10 19:40:33 +00:00
$block = $pUser->getBlock( Authority::READ_LATEST );
Users with partial access to user rights should not be blocked If a user has partial access to modify user rights, their partial access should not be blocked because of a partial block. Bug: T228534 Change-Id: I7479953f1ef99d437184e5cbbe06adedf5b7a47b
2019-07-19 17:37:27 +00:00
if ( $block && $block->isSitewide() ) {
Deprecate User::isBlocked() The method User::isBlocked() attempts to answer two questions: (1) Does the user have a block? (2) Is the user prevented from performing this action? The method can answer #1, but it cannot answer #2. Since User::getBlock() can also answer #1, this method is redundant. The method cannot answer #2 because there is not enough context in order to answer that question. If access is being checked against a Title object, all access checks can be performed with PermissionManager:userCan() which will also check the user's blocks. If performing all access checks is not desirable, using PermissionManager::isBlockedFrom() is also acceptable for only checking if the user is blocked. This method does *not* determine if the action is allowed, only that the user's block applies to that Title. If access is being checked without an existing Title, User::getBlock() can be used to get the user's block. Then Block::appliesToRight() can be used to determine if the block applies explicitly to a right (or returns null if it is unknown or false if explicitly allowed). If the user is creating a new Title, but the text of the title is not yet known (as in the case of Wikibase), access should be checked with Block::appliesToNamespace(). Bug: T209004 Change-Id: Ic0ad1b92e957797fee8dcd00bd1092fe69fa58f1
2019-04-23 17:51:54 +00:00
$this->dieBlocked( $block );
}
Prevent blocked users from changing user rights through the API Prevent blocked users only if they do not have full userrights privleges, which is the same behavior as implemented in Special:UserRights. Change-Id: I69557b0951c8fb8b4e7d3ba571b0e5d30782ab4c
2015-12-21 20:17:40 +00:00
}
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
$params = $this->extractRequestParams();
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
// Figure out expiry times from the input
Test ApiUserrights Fixed bug: in PHP versions less than 5.6.0, any request that didn't attempt to add any groups would warn, because it would call array_fill() with the second argument (num) equal to 0. From PHP 5.6.0, the num argument to array_fill() is allowed to be 0. Change-Id: I0c5772f15d8f550dc43fb37c3c58d15dd73ea584
2018-04-09 18:38:09 +00:00
// $params['expiry'] is not set in CentralAuth's ApiGlobalUserRights subclass
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
if ( isset( $params['expiry'] ) ) {
$expiry = (array)$params['expiry'];
} else {
$expiry = [ 'infinity' ];
}
API: Account for PHP 7.2 change PHP 7.2 broke existing functionality in making count( null ) raise a warning. So add tests for null all over the place, or change tests where we know the value is null or an array (but not false, empty-string, or 0) to just cast to boolean. Bug: T182004 Change-Id: Idfe23a07daa9f60eee72f2daf04304be87057a29
2017-12-04 18:36:48 +00:00
$add = (array)$params['add'];
Test ApiUserrights Fixed bug: in PHP versions less than 5.6.0, any request that didn't attempt to add any groups would warn, because it would call array_fill() with the second argument (num) equal to 0. From PHP 5.6.0, the num argument to array_fill() is allowed to be 0. Change-Id: I0c5772f15d8f550dc43fb37c3c58d15dd73ea584
2018-04-09 18:38:09 +00:00
if ( !$add ) {
$expiry = [];
} elseif ( count( $expiry ) !== count( $add ) ) {
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
if ( count( $expiry ) === 1 ) {
API: Account for PHP 7.2 change PHP 7.2 broke existing functionality in making count( null ) raise a warning. So add tests for null all over the place, or change tests where we know the value is null or an array (but not false, empty-string, or 0) to just cast to boolean. Bug: T182004 Change-Id: Idfe23a07daa9f60eee72f2daf04304be87057a29
2017-12-04 18:36:48 +00:00
$expiry = array_fill( 0, count( $add ), $expiry[0] );
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
} else {
$this->dieWithError( [
'apierror-toofewexpiries',
count( $expiry ),
API: Account for PHP 7.2 change PHP 7.2 broke existing functionality in making count( null ) raise a warning. So add tests for null all over the place, or change tests where we know the value is null or an array (but not false, empty-string, or 0) to just cast to boolean. Bug: T182004 Change-Id: Idfe23a07daa9f60eee72f2daf04304be87057a29
2017-12-04 18:36:48 +00:00
count( $add )
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
] );
}
}
// Validate the expiries
$groupExpiries = [];
foreach ( $expiry as $index => $expiryValue ) {
API: Account for PHP 7.2 change PHP 7.2 broke existing functionality in making count( null ) raise a warning. So add tests for null all over the place, or change tests where we know the value is null or an array (but not false, empty-string, or 0) to just cast to boolean. Bug: T182004 Change-Id: Idfe23a07daa9f60eee72f2daf04304be87057a29
2017-12-04 18:36:48 +00:00
$group = $add[$index];
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
$groupExpiries[$group] = UserrightsPage::expiryToTimestamp( $expiryValue );
if ( $groupExpiries[$group] === false ) {
$this->dieWithError( [ 'apierror-invalidexpiry', wfEscapeWikiText( $expiryValue ) ] );
}
// not allowed to have things expiring in the past
if ( $groupExpiries[$group] && $groupExpiries[$group] < wfTimestampNow() ) {
$this->dieWithError( [ 'apierror-pastexpiry', wfEscapeWikiText( $expiryValue ) ] );
}
}
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
$user = $this->getUrUser( $params );
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
Add tags support to userrights Bug: T97720 Change-Id: I4f6dacd0ddf7b45d62aff6f85c329bc15be27daf
2017-01-02 11:26:36 +00:00
$tags = $params['tags'];
// Check if user can add tags
API: Fix PHP Warning for "count(): Parameter must be an array" Found by the new ApiUserrights test introduced in 5ab1bee6bcf: > includes/specials/SpecialUserrights.php:462 > includes/specials/SpecialUserrights.php:405 > includes/api/ApiUserrights.php:116 The $tags parameter of the UserrightsPage::doSaveUserGroups() method must be an array and is not nullable. Fix the caller to not pass null, but an empty array. Bug: T182377 Change-Id: Ic9be6a0bddfac023de765c810c07a64d651c33b4
2018-04-19 01:39:23 +00:00
if ( $tags !== null ) {
Convert ChangeTags public interface to Authority. Bug: T275507 Change-Id: I3b7f99391ab299df2b046a2878010cf6afe7fed7
2021-02-23 20:45:00 +00:00
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( $tags, $this->getAuthority() );
Add tags support to userrights Bug: T97720 Change-Id: I4f6dacd0ddf7b45d62aff6f85c329bc15be27daf
2017-01-02 11:26:36 +00:00
if ( !$ableToTag->isOK() ) {
$this->dieStatus( $ableToTag );
}
}
User rights API: Abstract out some stuff about core's form into separate methods To we can make a CentralAuth API module for global user rights. Bug: 71495 Change-Id: I139c43e5eaa1fb63b75baddbafb7caa3c964d6b5
2014-10-01 12:06:10 +00:00
$form = $this->getUserRightsPage();
Set context when using UserrightsPage SpecialPage::getContext called and $mContext is null. Return RequestContext::getMain(); for sanity Change-Id: Ie0ed360835164e8a4eb1c675ec8edd944ab95898
2013-05-24 13:58:54 +00:00
$form->setContext( $this->getContext() );
Unsuppress more phan issues (part 5) Bug: T231636 Depends-On: I6e5fba7bd273219b1206559420b5bdb78734aa84 Change-Id: I50377746f01749b058c39fd8229f9d566224cc43
2019-08-30 17:56:27 +00:00
$r = [];
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
$r['user'] = $user->getName();
(bug 19195) Make user IDs more readily available with the API Add some block ids and user ids to the result of some modules Change-Id: If50604b888a54827eddde76574e779db6c7263ec
2012-04-22 12:20:46 +00:00
$r['userid'] = $user->getId();
Update indentation in ApiUserrights::execute() The previous formatting was inconsistent. Change-Id: I22d7cba00cd39df7069b47f78ca130e3e031ceb4
2013-11-17 19:25:44 +00:00
list( $r['added'], $r['removed'] ) = $form->doSaveUserGroups(
API: Fix PHP Warning for "count(): Parameter must be an array" Found by the new ApiUserrights test introduced in 5ab1bee6bcf: > includes/specials/SpecialUserrights.php:462 > includes/specials/SpecialUserrights.php:405 > includes/api/ApiUserrights.php:116 The $tags parameter of the UserrightsPage::doSaveUserGroups() method must be an array and is not nullable. Fix the caller to not pass null, but an empty array. Bug: T182377 Change-Id: Ic9be6a0bddfac023de765c810c07a64d651c33b4
2018-04-19 01:39:23 +00:00
// Don't pass null to doSaveUserGroups() for array params, cast to empty array
phan: Enable redundant_condition_detection Remove duplicate casts Suppress false positives Bug: T248438 Change-Id: I2f89664a4bcd3b39b15e7cf850adda2f0c90ae6f
2020-06-15 10:46:22 +00:00
$user, $add, (array)$params['remove'],
API: Fix PHP Warning for "count(): Parameter must be an array" Found by the new ApiUserrights test introduced in 5ab1bee6bcf: > includes/specials/SpecialUserrights.php:462 > includes/specials/SpecialUserrights.php:405 > includes/api/ApiUserrights.php:116 The $tags parameter of the UserrightsPage::doSaveUserGroups() method must be an array and is not nullable. Fix the caller to not pass null, but an empty array. Bug: T182377 Change-Id: Ic9be6a0bddfac023de765c810c07a64d651c33b4
2018-04-19 01:39:23 +00:00
$params['reason'], (array)$tags, $groupExpiries
Update indentation in ApiUserrights::execute() The previous formatting was inconsistent. Change-Id: I22d7cba00cd39df7069b47f78ca130e3e031ceb4
2013-11-17 19:25:44 +00:00
);
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
Fix trailing whitespace Swap methods that call $this->getResult() to use temporary variable
2011-06-29 23:46:39 +00:00
$result = $this->getResult();
API: Overhaul ApiResult, make format=xml not throw, and add json formatversion ApiResult was a mess: some methods could only be used with an array reference instead of manipulating the stored data, methods that had both array-ref and internal-data versions had names that didn't at all correspond, some methods that worked on an array reference were annoyingly non-static, and then the whole mess with setIndexedTagName. ApiFormatXml is also entirely annoying to deal with, as it liked to throw exceptions if certain metadata wasn't provided that no other formatter required. Its legacy also means we have this silly convention of using empty-string rather than boolean true, annoying restrictions on keys (leading to things that should be hashes being arrays of key-value object instead), '*' used as a key all over the place, and so on. So, changes here: * ApiResult is no longer an ApiBase or a ContextSource. * Wherever sensible, ApiResult provides a static method working on an arrayref and a non-static method working on internal data. * Metadata is now always added to ApiResult's internal data structure. Formatters are responsible for stripping it if necessary. "raw mode" is deprecated. * New metadata to replace the '*' key, solve the array() => '[]' vs '{}' question, and so on. * New class for formatting warnings and errors using i18n messages, and support for multiple errors and a more machine-readable format for warnings. For the moment, though, the actual output will not be changing yet (see T47843 for future plans). * New formatversion parameter for format=json and format=php, to select between BC mode and the modern output. * In BC mode, booleans will be converted to empty-string presence style; modules currently returning booleans will need to use ApiResult::META_BC_BOOLS to preserve their current output. Actual changes to the API modules' output (e.g. actually returning booleans for the new formatversion) beyond the use of ApiResult::setContentValue() are left for a future change. Bug: T76728 Bug: T57371 Bug: T33629 Change-Id: I7b37295e8862b188d1f3b0cd07f66ac34629678f
2014-12-03 22:14:22 +00:00
ApiResult::setIndexedTagName( $r['added'], 'group' );
ApiResult::setIndexedTagName( $r['removed'], 'group' );
Fix trailing whitespace Swap methods that call $this->getResult() to use temporary variable
2011-06-29 23:46:39 +00:00
$result->addValue( null, $this->getModuleName(), $r );
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
}
Stylize API up to date Fix spaces from r69755 Minor update to RELEASE-NOTES per r69753
2010-07-23 07:33:40 +00:00
Function return type hints Explicit class variable definition
2010-10-28 00:04:48 +00:00
/**
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
* @param array $params
Function return type hints Explicit class variable definition
2010-10-28 00:04:48 +00:00
* @return User
*/
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
private function getUrUser( array $params ) {
Mixture of things. Couple of class comments Normalisation of "." usage at end of lines (removed) Normalisation of {prefix}parameter as per bug 23461
2010-05-11 22:30:18 +00:00
if ( $this->mUser !== null ) {
return $this->mUser;
}
Explicitly support user id in action=userrights Bug: 32493 Change-Id: I2279cde5d0077f8a0612e707a2410693c5e53a12
2013-12-14 20:47:06 +00:00
$this->requireOnlyOneParameter( $params, 'user', 'userid' );
Use PHP 7 '??' operator instead of '?:' with 'isset()' where convenient Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/ Replace with: '\1 ?? ' (Everywhere except includes/PHPVersionCheck.php) (Then, manually fix some line length and indentation issues) Then manually reviewed the replacements for cases where confusing operator precedence would result in incorrect results (fixing those in I478db046a1cc162c6767003ce45c9b56270f3372). Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
2017-10-06 22:17:58 +00:00
$user = $params['user'] ?? '#' . $params['userid'];
Mixture of things. Couple of class comments Normalisation of "." usage at end of lines (removed) Normalisation of {prefix}parameter as per bug 23461
2010-05-11 22:30:18 +00:00
User rights API: Abstract out some stuff about core's form into separate methods To we can make a CentralAuth API module for global user rights. Bug: 71495 Change-Id: I139c43e5eaa1fb63b75baddbafb7caa3c964d6b5
2014-10-01 12:06:10 +00:00
$form = $this->getUserRightsPage();
Set context when using UserrightsPage SpecialPage::getContext called and $mContext is null. Return RequestContext::getMain(); for sanity Change-Id: Ie0ed360835164e8a4eb1c675ec8edd944ab95898
2013-05-24 13:58:54 +00:00
$form->setContext( $this->getContext() );
Explicitly support user id in action=userrights Bug: 32493 Change-Id: I2279cde5d0077f8a0612e707a2410693c5e53a12
2013-12-14 20:47:06 +00:00
$status = $form->fetchUser( $user );
Mixture of things. Couple of class comments Normalisation of "." usage at end of lines (removed) Normalisation of {prefix}parameter as per bug 23461
2010-05-11 22:30:18 +00:00
if ( !$status->isOK() ) {
Return errors from WatchAction Currently, WatchAction::doWatch and WatchAction::doUnwatch return true always. Let's have them return a status object instead. This also cleans up the handling of Status objects in some of the API modules. Change-Id: I9dd9f0fd499c37f29fa12bcdb6142238a1f11e4d
2013-06-13 17:56:29 +00:00
$this->dieStatus( $status );
Mixture of things. Couple of class comments Normalisation of "." usage at end of lines (removed) Normalisation of {prefix}parameter as per bug 23461
2010-05-11 22:30:18 +00:00
}
Simplify ApiUserRights::getUrUser() Remove unneeded else and local variable assignment. Change-Id: I166d811b220e925be11da5c49b6fe55f0d8e71c8
2013-11-17 19:22:39 +00:00
$this->mUser = $status->value;
The light at the end of the API code format updating tunnel Change-Id: I12fdb71bc87a8ad5ed5b9f1fe9c06bd0f7154e9a
2013-11-14 13:01:41 +00:00
Simplify ApiUserRights::getUrUser() Remove unneeded else and local variable assignment. Change-Id: I166d811b220e925be11da5c49b6fe55f0d8e71c8
2013-11-17 19:22:39 +00:00
return $status->value;
Mixture of things. Couple of class comments Normalisation of "." usage at end of lines (removed) Normalisation of {prefix}parameter as per bug 23461
2010-05-11 22:30:18 +00:00
}
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
public function mustBePosted() {
return true;
}
public function isWriteMode() {
return true;
}
Sort user groups when shown in drop-downs This makes searching for them easier and makes their order less arbitrary, especially when they are localized. Replace one sort function wrongly chosen by me. Change-Id: I231f28656333c5bf846bedfedb6ba5040a09f74e
2019-09-24 11:49:18 +00:00
public function getAllowedParams( $flags = 0 ) {
$allGroups = $this->getAllGroups();
if ( $flags & ApiBase::GET_VALUES_FOR_HELP ) {
sort( $allGroups );
}
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
$a = [
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
'user' => [
API: Flag "user" parameters in various modules as type 'user' The API 'user' type accepts both user names and IP addresses, and applies normalization but not canonicalization. We should be using this on basically every user parameter to ensure that e.g. IPv6 usernames get uppercased. Bug: T122803 Change-Id: Ic67fb54061ac311e54f325b2a1a4658f43b8fef4
2016-01-04 18:55:26 +00:00
ApiBase::PARAM_TYPE => 'user',
API: Use ParamValidator library This brings significant modularization to the Action API's parameter validation, and allows the Action API and MW REST API to share validation code. Note there are several changes in this patch that may affect other code; see the entries in RELEASE-NOTES-1.35 for details. Bug: T142080 Bug: T232672 Bug: T21195 Bug: T34675 Bug: T154774 Change-Id: I1462edc1701278760fa695308007006868b249fc Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
2019-08-21 19:53:53 +00:00
UserDef::PARAM_ALLOWED_USER_TYPES => [ 'name', 'id' ],
UserDef::PARAM_RETURN_OBJECT => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'userid' => [
Explicitly support user id in action=userrights Bug: 32493 Change-Id: I2279cde5d0077f8a0612e707a2410693c5e53a12
2013-12-14 20:47:06 +00:00
ApiBase::PARAM_TYPE => 'integer',
API: Use ParamValidator library This brings significant modularization to the Action API's parameter validation, and allows the Action API and MW REST API to share validation code. Note there are several changes in this patch that may affect other code; see the entries in RELEASE-NOTES-1.35 for details. Bug: T142080 Bug: T232672 Bug: T21195 Bug: T34675 Bug: T154774 Change-Id: I1462edc1701278760fa695308007006868b249fc Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
2019-08-21 19:53:53 +00:00
ApiBase::PARAM_DEPRECATED => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'add' => [
Sort user groups when shown in drop-downs This makes searching for them easier and makes their order less arbitrary, especially when they are localized. Replace one sort function wrongly chosen by me. Change-Id: I231f28656333c5bf846bedfedb6ba5040a09f74e
2019-09-24 11:49:18 +00:00
ApiBase::PARAM_TYPE => $allGroups,
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
ApiBase::PARAM_ISMULTI => true
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
'expiry' => [
ApiBase::PARAM_ISMULTI => true,
ApiBase::PARAM_ALLOW_DUPLICATES => true,
ApiBase::PARAM_DFLT => 'infinite',
],
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
'remove' => [
Sort user groups when shown in drop-downs This makes searching for them easier and makes their order less arbitrary, especially when they are localized. Replace one sort function wrongly chosen by me. Change-Id: I231f28656333c5bf846bedfedb6ba5040a09f74e
2019-09-24 11:49:18 +00:00
ApiBase::PARAM_TYPE => $allGroups,
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
ApiBase::PARAM_ISMULTI => true
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'reason' => [
API: fix copyright symbol, coding style cleanup, more braces
2010-02-26 13:18:56 +00:00
ApiBase::PARAM_DFLT => ''
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'token' => [
API: Internationalize all remaining core API modules This also adds some new ApiBase::PARAM_* constants to generate more helpful help, and a method to override the default description message for the use of ApiDisabled and ApiQueryDisabled. Bug: 71638 Change-Id: Ic0c3d232e0498d58a043037e2e0c6f0b1c3edad3
2014-09-18 17:38:23 +00:00
// Standard definition automatically inserted
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
ApiBase::PARAM_HELP_MSG_APPEND => [ 'api-help-param-token-webui' ],
],
Add tags support to userrights Bug: T97720 Change-Id: I4f6dacd0ddf7b45d62aff6f85c329bc15be27daf
2017-01-02 11:26:36 +00:00
'tags' => [
ApiBase::PARAM_TYPE => 'tags',
ApiBase::PARAM_ISMULTI => true
],
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
Test ApiUserrights Fixed bug: in PHP versions less than 5.6.0, any request that didn't attempt to add any groups would warn, because it would call array_fill() with the second argument (num) equal to 0. From PHP 5.6.0, the num argument to array_fill() is allowed to be 0. Change-Id: I0c5772f15d8f550dc43fb37c3c58d15dd73ea584
2018-04-09 18:38:09 +00:00
// CentralAuth's ApiGlobalUserRights subclass can't handle expiries
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
if ( !$this->getUserRightsPage()->canProcessExpiries() ) {
unset( $a['expiry'] );
}
return $a;
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
}
* (bug 25248) API: paraminfo errors with certain modules Added a needsToken() function, rather than calling getTokenSalt, which can throw silly errors due to dependencies on parameters
2010-10-01 20:12:50 +00:00
public function needsToken() {
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
return 'userrights';
* (bug 25248) API: paraminfo errors with certain modules Added a needsToken() function, rather than calling getTokenSalt, which can throw silly errors due to dependencies on parameters
2010-10-01 20:12:50 +00:00
}
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
protected function getWebUITokenSalt( array $params ) {
return $this->getUrUser( $params )->getName();
Refactor getTokenSalt to use caching getUser/getTitle in ApiRollback and ApiUserrights
2010-04-10 13:33:24 +00:00
}
API: Fix access on getExamplesMessages ApiBase declares it protected, but for some reason I had made it public in all subclasses. Change-Id: I8a50d4f47e66c7f09137968d3941dc5cdc1d28e4
2014-10-28 17:17:02 +00:00
protected function getExamplesMessages() {
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
$a = [
API: Internationalize all remaining core API modules This also adds some new ApiBase::PARAM_* constants to generate more helpful help, and a method to override the default description message for the use of ApiDisabled and ApiQueryDisabled. Bug: 71638 Change-Id: Ic0c3d232e0498d58a043037e2e0c6f0b1c3edad3
2014-09-18 17:38:23 +00:00
'action=userrights&user=FooBot&add=bot&remove=sysop|bureaucrat&token=123ABC'
=> 'apihelp-userrights-example-user',
'action=userrights&userid=123&add=bot&remove=sysop|bureaucrat&token=123ABC'
=> 'apihelp-userrights-example-userid',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
User group memberships that expire This patch adds an ug_expiry column to the user_groups table, a timestamp giving a date when the user group expires. A new UserGroupMembership class, based on the Block class, manages entries in this table. When the expiry date passes, the row in user_groups is ignored, and will eventually be purged from the DB when UserGroupMembership::insert is next called. Old, expired user group memberships are not kept; instead, the log entries are available to find the history of these memberships, similar to the way it has always worked for blocks and protections. Anyone getting user group info through the User object will get correct information. However, code that reads the user_groups table directly will now need to skip over rows with ug_expiry < wfTimestampNow(). See UsersPager for an example of how to do this. NULL is used to represent infinite (no) expiry, rather than a string 'infinity' or similar (except in the API). This allows existing user group assignments and log entries, which are all infinite in duration, to be treated the same as new, infinite-length memberships, without special casing everything. The whole thing is behind the temporary feature flag $wgDisableUserGroupExpiry, in accordance with the WMF schema change policy. The opportunity has been taken to refactor some static user-group-related functions out of User into UserGroupMembership, and also to add a primary key (ug_user, ug_group) to the user_groups table. There are a few breaking changes: - UserRightsProxy-like objects are now required to have a getGroupMemberships() function. - $user->mGroups (on a User object) is no longer present. - Some protected functions in UsersPager are altered or removed. - The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted extension) has a change of parameter. Bug: T12493 Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8 Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
2017-01-12 06:07:56 +00:00
if ( $this->getUserRightsPage()->canProcessExpiries() ) {
$a['action=userrights&user=SometimeSysop&add=sysop&expiry=1%20month&token=123ABC']
= 'apihelp-userrights-example-expiry';
}
return $a;
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
}
Followup r92396, add help urls for most of the core (non query) modules
2011-07-17 16:38:24 +00:00
public function getHelpUrls() {
Make API documentation links language aware Links generated by the API are now aware of the user's preferred language and will show documents in that language if available. To test, log in to mediawiki.org and set your language preference to 'es', then on an MediaWiki installation with this patch view the generated expanded API help at `api.php?action=help&recursivesubmodules=1&modules=main`. Each link to documentation on mediawiki.org should take you to its translated /es subpage, if one exists. Bug: T104518 Change-Id: I339a1f3ae1bce9d759cf251899d57c32b1def91e
2017-04-04 22:52:57 +00:00
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:User_group_membership';
Followup r92396, add help urls for most of the core (non query) modules
2011-07-17 16:38:24 +00:00
}
Redo r48746 (API userrights, reverted in r48909 and r48910) in a way that doesn't break CentralAuth. Basically, this works around PHP's inability (at least in < 5.3) to override static methods by adding a hook. Changes to CentralAuth in next commit.
2009-03-28 19:08:47 +00:00
}
Reference in a new issue Copy permalink